Release date: 2012-10-07
Updated on: 2012-10-09
Affected Systems:
PostgreSQL JDBC Driver <8.2
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2012-1618
The PostgreSQL JDBC driver allows Java programs to connect to a PostgreSQL database.
When PostgreSQL JDBC driver versions earlier than 8.2 are used with a PostgreSQL server that has the "standard_conforming_strings" option enabled, an interaction error causes some JDBC Statement parameters to be escaped incorrectly, allowing remote attackers to carry out SQL injection attacks.
<* Source: vendor
Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1618
*>
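To check whether a deployment matches the affected combination described above (driver earlier than 8.2 with "standard_conforming_strings" enabled on the server), the following can be used. It is an added example, not code from the vendor or from the original advisory; the class name Cve20121618Check and its method names are assumptions, and the JDBC URL and credentials are supplied by the operator.

```java
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical helper class, written for this advisory; not part of the driver.
public class Cve20121618Check {

    /** True when the driver version is below 8.2, the range the advisory lists as affected. */
    static boolean driverInAffectedRange(int major, int minor) {
        return major < 8 || (major == 8 && minor < 2);
    }

    /** True for the combination the advisory describes: affected driver plus the server option enabled. */
    static boolean isExposed(int major, int minor, String standardConformingStrings) {
        return driverInAffectedRange(major, minor)
                && "on".equalsIgnoreCase(standardConformingStrings.trim());
    }

    /** Reads both facts from a live connection: driver version from JDBC metadata, option from the server. */
    static boolean isExposed(Connection conn) throws SQLException {
        DatabaseMetaData md = conn.getMetaData();
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("SHOW standard_conforming_strings")) {
            String setting = rs.next() ? rs.getString(1) : "off";
            return isExposed(md.getDriverMajorVersion(), md.getDriverMinorVersion(), setting);
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length == 3) {
            // args: JDBC URL, user, password (supplied by the operator; nothing is hard-coded)
            try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
                System.out.println("exposed=" + isExposed(conn));
            }
            return;
        }
        // Constructed sample values, so the decision logic can be run without a database.
        System.out.println("8.1 / on  -> " + isExposed(8, 1, "on"));
        System.out.println("8.1 / off -> " + isExposed(8, 1, "off"));
        System.out.println("8.2 / on  -> " + isExposed(8, 2, "on"));
        System.out.println("9.1 / on  -> " + isExposed(9, 1, "on"));
    }
}
```

Run it with the same driver JAR on the classpath that the application uses, since the version is read from the driver that actually handles the connection.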
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
PostgreSQL
----------
Currently, the vendor does not provide a patch or upgrade for this issue. We recommend that users of the software watch the vendor's homepage to obtain the latest version:
http://www.postgresql.org